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DETAILED ACJION 

1 . This office action is in response to Applicant's amendment filed on 1 1/8/2006. 
Claims 1,12 and 25 have been amended. Claims 1-29 are pending. 

Response to Arguments 

2. Applicant argues that the combination of the cited art, Brown and Kurowski, fails 
to disclose "in an event that the session is no longer authenticated, persisting as a 
pending request at the server, the request from the client and in an event that the 
session is subsequently re-authenticated, the server processing the pending request". 
Applicant contends that Kurowski teaches that the data cannot be sent from the client to 
the server because a network connection is down. However, Kurowski teaches a 
persistent mechanism is either provided to a local disk or to a server [0208] and storing 
any commands for the task server in a persistent queue if the network connection is 
down [0241]. The purpose of the persistent queue is to save the work so it can be 
processed by the server in the later time after the connection is reestablished. 

In response to Applicant's argument to claim 4, Applicant argues that the Office does 
not make any suggestion that Polizzi adds anything to the teaching of Brown and 
Kurowski in reference to claim 2. In the cited reference of Polizzi, mentioned three 
types of authentication, HTTP authentication, form based authetncation and cookie 
based authentication [Polizzi, [0074]. Brown, However, only talks about the HTTP 
authentication (prompting user for password through the browser [Brown, 0021]). 
Therefore, substituting one for . the other would have been obvious since cookie 
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contains information about the user's login parameters insuring that the user and only 
the user see the content on that website while the user is in session [0075] • 

Claim Rejections - 35 USC §112 

3. Claim 1 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. The amended limitation, "subsequent to establishing the 
authenticated session, receiving at the server, a request from the client; subsequent to 
receiving at the server, a request from the client, determining whether the session is 
still authenticated...". The amended claim recites a first "a request" (on line 11) and the 
second "a request" (on line 12) submitted to the server. It is unclear to the Examiner 
whether the second request is referring to the previously recited request or it is referring 
to a second request being submitted from the client. For the purpose of examination 
and based on the remark on page 17, first paragraph, Examiner interprets the claimed 
limitation on lines 1 1 to 12 to mean "subsequent to establishing the authenticated 
session, receiving at the server a request from the client; subsequent to receiving the 
request at the server, determining whether the session is still authenticated...". 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 



Application/Control Number: 1 0/081 ,755 Page 4 

Art Unit: 2134 

invention was made to a person having ordinary sl^ill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-3, and 5-29 are rejected under 35 U.S.C. 103(a) as being unpatentable 

over Brown et al. (U.S. Patent Application Application (U.S. 2003/0061288 A1, 

hereinafter Brown) in view of Kurowski et al. (U.S. Patent Publication No. 

2002/0019844, hereinafter Kurowski) 

In respect to claim 1, Brown discloses a method comprising: 

Establishing an authenticated session between a server and a client; subsequent 

to establishing the authenticated session, receiving at the server, a request from the 

client; subsequent to receiving at the server, a request from the client, determining 

whether the session is still authenticated (see Brown Fig. 4, and page 3, [0028] - 

[0030], ""a query is made whether user is authenticated. If not, a directive ...is sent 

back to the client"; "when the user is authenticated, a query is made as to whether the 

session is ended... if the session is still not ended, a server for the WAG transcoder farm 

queries user database for accessibility transforms to be applied for the requested 

device..."). Brown discloses directing the client to be authenticated in the event the 

client is not authenticated, but does not explicitly disclose persisting the client request 

as a pending request at the server. However, Kurowski discloses a persistent queue 

management subsystem is used for storing request from a client for the server when 

network is down (see Kurowski, [0208], "for some of the operations, the domain objects 

might depend on other subsystem that provide a persistence mechanism either to the 

local disk or to a server", [0241], "storing any command for task server in a persistent 

queue when the connection is down"). It would have been obvious to one of ordinary 
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skill in the art at the time the invention was made to implement the persistent queue 
provided at the server and saving work to store in a persistent queue for the task server 
to process at a later time when connection is down taught by Kurowski with the teaching 
of verifying if the client is authenticated before processing the request taught by Brown 
for the benefit of saving the work for the task server to be processed when connection is 
reestablished (see Kurowski, [0241]). 

In respect to claim 2, Brown and Kurowski disclose the method of claim 1 
wherein the determining comprises verifying an authentication token associated with the 
client (see Brown, page 2, [0021]). 

In respect to claim 3, Brown and Kurowski disclose the method of claim 2 
wherein the verifying comprises verifying that the authentication token has not timed out 
(see Brown, page 2. [0030]). 

In respect to claim 5, Brown and Kurowski disclose the method of claim 2 
wherein the authentication token is part of the request received from the client (see 
Brown, page 2 [0021]). 

In respect to claim 6, Brown and Kurowski disclose the method of claim 2 
wherein the authentication token is encrypted (see Brown, page 1, [0010]). 
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In respect to claim 7. Brown and Kurowski disclose the method of claim 1 
wherein persisting the request comprises storing the request in a file (see Kurowski, 
page 18, [0241]). 

In respect to claim 8, Brown and Kurowski disclose the method of claim 1 
wherein persisting the request comprises storing the request in a database (see 
Kurowski, page 18, [0241]). 

In respect to claim 9, Brown and Kurowski disclose the method of claim 1 further 
comprising directing the client to authenticate the session (see Brown 3, [0029]). 

In respect to claim 10, Brown and Kurowski disclose the method of claim 9 
wherein directing the client to authenticate the session comprises: 

Directing the client to a login module; and directing the an address (see Brown, 
page 3, [0029]). 

In respect to claim 1 1 , Brown and Kurowski disclose the method of claim 10 
wherein the address associated with the pending request is a URL (see Kurowski, page 
18, [0241]). 
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In respect to claim 12, 13, 18, 22, 23, and 25-27, the claimed limitation are 
similar to claim 1. Therefore, claims 12, 13, 18, 22, 23 and 25-27 are rejected based on 
the similar rationale. 

In respect to claim 14, Brown and Kurowski disclose the system of claim 13 
further comprising an authentication redirect generator configured to generate an 
instruction to redirect the client to obtain re-authorization (see Brown, page 18 [0029- 
0030], "A query. ..is made as to whether the user is authenticated. If not, a directive... is 
sent back to client device 10, typically in the fonn of a web page, requesting content for 
the user to log onto and/or register with the WAG services offered through proxy 
machine"). 

In respect to claims 15-17, claimed limitations are similar to claims 2, 11 and 13. 
Therefore, claims 15-17 are rejected based on the similar rationale. 

In respect to claims 19 and 21, the claimed limitations are system claims that are 
similar to method claims 3 and 8. Therefore, claims 19 and 20 are rejected based on 
the similar rationale. 

In respect to claim 20, Brown and Kurowski disclose the system of claim 18 
wherein the authentication redirect generator is further configured to direct the client to 
access the requestg that is stored (see Brown, page 3, [0030]). 
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In respect to claim 24, Brown and Kurowski do not disclose wherein the 
application server and the authentication entity are implemented as one server. 
However, having a central server performing authentication and processing user 
request is old and well known. It would have been obvious to one of ordinary skill in the 
art at the time the invention was made to implement a central server for authentication 
and application purposes as a matter of design choices. 

In respect to claim 28, the claimed limitation is similar to claim 14. Therefore, 
claim 28 is rejected based on the similar rationale. 

In respect to claim 29, the claimed limitation is similar to claim 20. therefore, 
claim 20 is rejected based on the similar rationale. 

5. Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Brown et 
al. (U.S. Patent Application Application (U.S. 2003/0061288 A1, hereinafter Brown) in 
view of Kurowski et al. (U.S. Patent Publication No. 2002/0019844, hereinafter 
Kurowski) and further in view of Polizzi et al. (U.S. Patent No. 2002/0023122). 

In respect to claim 4, Brown and Kurowski disclose the method of claim 2. 
Brown and Kurowski do not disclose wherein the authentication token is a cookie stored 
by the client. However, Polizzi discloses cookies based authentication for web log in 
access (see Polizzi, page 10, [0074]). Therefore, it would have been obvious to one of 
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ordinary sl^ill in the art at the time the invention was made to implement cookie based 
authentication taught by PolizzI with Brown's authentication system and Kurowski's 
storing of persistent request for the benefit of authentication cookie cached in client's 
system while client is in session. 

Conclusion 

6. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tongoc Iran whose telephone number is (571) 272- 
3843. The examiner can normally be reached on 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jacques Louis-Jacques can be reached on (571) 272-3962. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more infonnation about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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